DriverGuard: Virtualization based fine-grained protection on I/O flows

Most commodity peripheral devices and their drivers are geared to achieve high performance with security functions being opted out. The absence of strong security measures invites attacks on the I/O data and consequently poses threats to those services feeding on them, such as fingerprint-based biom...

Bibliographic Details
Main Authors: CHENG, Yueqiang, DING, Xuhua, DENG, Robert H.
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2013
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/1939
https://ink.library.smu.edu.sg/context/sis_research/article/2938/viewcontent/a6_cheng.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-2938
record_format dspace
spelling sg-smu-ink.sis_research-2938 2018-07-13T03:22:45Z 2013-09-01T07:00:00Z text application/pdf info:doi/10.1145/2505123 http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
topic Virtualization
hypervisor
I/O data protection
untrusted OS
trusted path
Information Security
description Most commodity peripheral devices and their drivers are geared to achieve high performance with security functions being opted out. The absence of strong security measures invites attacks on the I/O data and consequently poses threats to those services feeding on them, such as fingerprint-based biometric authentication. In this article, we present a generic solution called DriverGuard, which dynamically protects the secrecy of I/O flows such that the I/O data are not exposed to the malicious kernel. Our design leverages a composite of cryptographic and virtualization techniques to achieve fine-grained protection without using any extra devices and modifications on user applications. We implement the DriverGuard prototype on Xen by adding around 1.7K SLOC. DriverGuard is lightweight as it only needs to protect around 2% of the driver code’s execution. We measure the performance and evaluate the security of DriverGuard with three input devices (keyboard, fingerprint reader and camera) and three output devices (printer, graphic card, and sound card). The experiment results show that DriverGuard induces negligible overhead to the applications.
_version_ 1770571691517280256